Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
0
Helpful
3
Replies

LWA with MAB using ISE

Nicholas Copeland
Level 4
Level 4

‎02-27-2013 07:26 AM - edited ‎03-10-2019 08:08 PM

I am trying to setup a wireless solution using a 4400 series controller and ISE to present a web auth page for users to log in and register there device. I also want them to have to accept the AUP. After the device is registered I don't want them to have to see the web auth page again using Mac Filtering. Which I believe will work based off some research I have done. The real question I have is if I can force users to periodically to have to reauth that device or to reaccept the AUP? I don't want to actually have to manually disable the accounts or delete the device out of the database to force them to verify the device and account again.

Really what I am trying to get is the experience you see at a hotel. Where you are given a username and password and regardless of whether you restart yoru computer or leave for the day you are valid for the set time frame they give you. After that you have to reauthenticate your device.

Any ideas if this is supported or how to do this?

Labels:
0 Helpful
3 Replies 3

mjensen323
Level 1
Level 1

‎02-27-2013 12:15 PM

Under Web Portal Management

Settings

Guest

-> Portal Policy

You can specify expirations, etc...

Would that accomplish your goal?

0 Helpful

Nicholas Copeland
Level 4
Level 4
In response to mjensen323

‎02-27-2013 12:56 PM

No only because that expires the account and not the device from what I can see. I am looking to never expire the account so I am not even building them as Guest users. I had just wanted to expire the device or force them to have to re-auth the device after a certain period of time.

0 Helpful

Nicholas Copeland
Level 4
Level 4
In response to Nicholas Copeland

‎03-01-2013 09:12 AM

So I am killing the need to re-accept the AUP page. But I am having issues with the LWA and the return radius COA coming back to the controllers. I can see in ISE that the device is being authenticated via MAB but I am still getting sent to the splash page regardless. I tried to change the Radius state to Radius NAC on the controller but it won't let me apply that setting to an open SSID. It works on the 7.2 controllers just not on the 7.0 controller. Any ideas of how to get LWA with MAB to work using ISE as the external web auth page and for the controller to accept the COA from ISE?

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents